This builds off of the recursion checking introduced by -depth to avoid a deadlock if/when we recurse into ourselves while looking up the user's UID to compare it to the configured value. --- pam_ldap-185/ldap.conf 2005-08-17 18:35:13.000000000 -0400 +++ pam_ldap-185/ldap.conf 2006-02-09 14:14:05.000000000 -0500 @@ -177,8 +177,8 @@ #nss_base_aliases ou=Aliases,dc=padl,dc=com?one #nss_base_netgroup ou=Netgroup,dc=padl,dc=com?one -# Just assume that there are no supplemental groups for these named users -nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm,polkituser,rtkit,pulse +# Just assume that there are no supplemental groups for system users. +nss_initgroups_minimum_uid 500 # attribute/objectclass mapping # Syntax: